Snare Server

Want to do something useful with your collected event log data? Want your data to be easily analysed within a web browser? With interactive reports, queries, alerts and objectives the Snare Server is what your business needs.

The Snare Server is a Security Information and Event Management (SIEM) solution, developed in the security labs of the defense industry, that provides robust audit event collection, analysis, reporting and archival capabilities for IT security log data. It can collect from a variety of operating systems, services and applications, and can receive event log data directly from Snare Enterprise Agents, Snare Epilog files (ASCII text log files), and syslog network devices such as routers, switches, firewalls and authentication servers.

While the Snare Server offers the facilities and features required by the most demanding IT environments, it is also a cost-effective solution. With its TCO (total cost of ownership) providing substantial economic value in terms of:

But in summary, let’s just note a random selection of some of the key overall Snare Server facilities.

Tailored Objectives: Ability to add, modify or remove specific clonable objectives that have their own configurations, access controls, and distribution settings. Over 100 different reports including administrative security, sensitive file monitoring and user login activity.

User/Group Administration: The Snare Server offers you the ability to restrict particular capabilities and reports to particular Snare Server users. It also allows integration with Active Directory for user authentication.

Email Reporting: Snare includes the ability to automatically email regular or ad hoc reports to a list of users, at identified intervals (e.g. daily, weekly, monthly). This provides security administrators with the capability to facilitate access to Snare reports, without providing a login to the Snare Server.

Configuration Checking: Snare can collect, view, and report on configuration related data reported by the various Snare Agents. Examples include User and Group information, or Lotus Notes Access Controls.

Agent Management Console: Ability to manage the Snare Agents' configuration through the Snare Server interface. Agents also have the ability to filter events at the front-end via their custom objective settings, reducing the load on your network and local disk.

Network Device Reporting: Snare can collect from a variety of network devices that support syslog. This includes all common enterprise firewalls, routers and switches.

Click-Through Detailed Analysis of Logging Data: Users can drill through for more information in each objective to view more details on the data.

Cisco PIX/ASA Firewall Reporting: Cisco PIX/ASA firewalls, Cisco routers, and other similar devices that use IOS, can report to the Snare Server.

Reflector technology allows collected events to be sent in real time to multiple destinations, such as a failover/backup Snare Server or a third-party collection system.

Compliance Reporting: The Snare Server comes with many template objective reports to assist businesses with their compliance with PCI DSS, SOX, HIPAA and other standards. These can be customised to suit the local reporting needs.

Event and Log Sources

The Snare Server provides a centralized logging collection, analysis, reporting and archival capability for a variety of operating systems, appliances, and servers, including: